Cross-Origin Opener Policy Vulnerability in pgAdmin by pgAdmin Group
CVE-2025-9636

7.9 HIGH

Key Information:

Status
Vendor
CVE Published: 4 September 2025

What is CVE-2025-9636?

pgAdmin versions up to 9.7 are affected by a vulnerability related to the Cross-Origin Opener Policy (COOP). It allows attackers to manipulate the OAuth authentication flow, potentially resulting in unauthorized access to user accounts, account hijacking, data breaches, and privilege escalation. Users of pgAdmin are advised to review their security settings and apply the necessary mitigations to protect against these risks.

Affected Version(s)

pgAdmin 4 0

References

CVSS V3.1

Score: 7.9
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: Low
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
